1. Field
Embodiments of the present invention generally relate to the field of network security techniques. In particular, various embodiments relate to human user verification of high risk network access performed on an intermediary security device.
2. Description of the Related Art
Malware includes software that may be loaded onto a computer to perform operations against an interest or intention of a user. Malware commonly performs automated network access without notification to or awareness by the user. Such network accesses include downloading malware via drive-by download. In this case, a website contains one or more web browser exploits that execute arbitrary code on the user's computer automatically when the user visits that site with a vulnerable version of a web browser. Some malware may download other malware modules or updates to an infected computer. Most of the time a successful exploit (or social engineering attack) first installs a loader program on the victim's computer, which then automatically loads other malware (e.g., a rootkit, a bot, a spambot, a password stealer or the like) and future updates of that malware. Some malware connects to botnet command and control (C&C) servers to retrieve instructions or upload stolen information. Most bots connect to their C&C servers on a regular basis as long as the victim computer is running. Many modern bots try to disguise their C&C communication as normal HyperText Transfer Protocol (HTTP) traffic. Some malware actively scans or attacks other computers on the Internet or a local network to which the infected computer is attached. Many bots include modules to scan a network range or websites for vulnerable systems, or perform Distributed Denial of Service (DDoS) attacks on other websites as instructed by the C&C server.
In view of the foregoing, it is desirable to identify and verify high-risk network accesses.